package com.jdbc.utils;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

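/**
 * Login lookup against the {@code users} table, used to show how a classic
 * tautology input behaves against the query.
 *
 * <p>The query is built with a {@link PreparedStatement} and bound parameters.
 * Concatenating {@code username} and {@code password} into the SQL text lets a
 * quote character in either value end the string literal and rewrite the
 * WHERE clause, so the credential check can be bypassed and every row
 * returned. With bound parameters the driver sends the values as data, never
 * as SQL syntax.
 */
public class SQLinjection1 {

    /** Query text is a constant; user input only ever reaches the two placeholders. */
    private static final String LOGIN_SQL =
            "Select * from `users` where `NAME` = ? AND `password` = ?";

    /**
     * Runs the login lookup with an input that contains quote characters and a
     * tautology. Because the values are bound as parameters, they are compared
     * as literal strings and are expected to match no row.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        login("'or' 1=1","'or' 1=1");
    }

    /**
     * Looks up rows in {@code users} whose name and password equal the given
     * values and prints each matching row to standard output.
     *
     * @param username value compared against the {@code NAME} column; treated as untrusted
     * @param password value compared against the {@code password} column; treated as untrusted
     */
    public static void login(String username,String password){
        Connection conn = null;
        PreparedStatement st = null;
        ResultSet rs = null;
        try {
            conn = JdbcUtils.getConnection();
            // Placeholders keep the SQL structure fixed regardless of what the caller passes.
            st = conn.prepareStatement(LOGIN_SQL);
            st.setString(1, username);
            st.setString(2, password);
            rs = st.executeQuery();
            while(rs.next()){
                System.out.println("id:"+rs.getObject("id"));
                System.out.println("NAME:"+rs.getObject("NAME"));
                // NOTE(review): the stored password is compared directly in SQL and echoed here,
                // which suggests plaintext storage; acceptable only for a local demo. Confirm,
                // and store a salted password hash (bcrypt/scrypt/argon2) in real code.
                System.out.println("PASSWORD:"+rs.getObject("PASSWORD"));
                System.out.println("email:"+rs.getObject("email"));
                System.out.println("birthday:"+rs.getObject("birthday"));
                System.out.println("-------------------------");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }finally {
            // PreparedStatement is a Statement, so the existing release helper still applies.
            JdbcUtils.release(conn,st,rs);
        }
    }
}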
